Projects

Proposals.
Project proposals are due September 20. A proposal should be 2-3
pages long and include the following:

Names of team members (at most 2 students per team).

Description of the system or network protocol that you are planning to
analyze or implement, or the tool that you will be building or extending.

Description of the security properties you intend to investigate.

Tools and/or analysis techniques you are planning to use.

Clear description of project deliverables. Possible deliverables
are a software prototype, a substantial case study, or, in the case of
a purely theoretical study, proofs (manual or machine-assisted).

Evaluation.
At the end of the project, each team should produce a workshop-quality
10-page paper with novel research results.

Project ideas.
These are only suggestions. You are encouraged to propose your own
topic. Some sample projects from previous years can be found below.

Implement a software protection method

Design and implement a prototype of a new tool for (1) preventing
or containing execution of malicious code, or (2) finding security
vulnerabilities in existing programs. Evaluate its usefulness against
various attacks. Examples:

Study privacy aspects of some networked consumer device: for example,
Kinect or Up by Jawbone.

Build a system for privacy-preserving Web browsing that would be secure
against timing attacks.

Investigate a popular network protocol from a privacy perspective and
design a new, privacy-preserving version.

Investigate algorithmic aspects (decidability, complexity, etc.) of
some legally mandated privacy policy. For example, what does it take to
enforce HIPAA for medical data, or Gramm-Leach-Bliley for financial data?

Analyze a secure network protocol

Using a formal verification tool or manual analysis, either prove a
network protocol secure or discover security flaws. Examples of protocols
(ask the instructor for specific references):

Analyze a software system

Analyze a substantial program or suite of programs. Your objective
is to re-discover known vulnerabilities or try to find new ones.
Look for both design and implementation vulnerabilities.
I suggest choosing a popular open-source program from, for example,
SourceForge. Pick a program that you find interesting and would like
to learn more about.

I recommend using an analysis tool to start. Sample tools include
MOPS, Cqual, flawfinder, and Splint.
Feel free to use a tool not from the list, or even develop your own tool.
If you use an existing tool, your report should include a detailed
evaluation of its strengths and weaknesses.

Do a theoretical study

Examples:

Develop a cryptographic proof of security for a network protocol
such as TLS, IKE, or Kerberos.

Apply algorithmic techniques for efficient analysis of large datastreams
to the detection of distributed botnet activity.

Design and analyze a privacy-preserving version of some common distributed
protocol.

Talk to the instructor if you are interested in a more theoretical
project.